Assistant Vice President & Vice President, Information & Technology Risk Manager (Third-Party & AI Supply Chain Risk Oversight)

Location: Singapore, SG

Job Function: Risk & Performance Management Department

Job Type: Permanent

Req ID: 16967

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide

Risk and Performance Management Department (RPMD)
We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed

Information & Technology Risk Management
You will be a part of a team that independently protects the firm’s information technology assets, including business data, from external threats and operational risks, while supporting the firm’s digitalisation journey in a secure manner

As an Information & Technology Risk Manager (Third-Party & AI Supply Chain Risk Oversight) in GIC, you will operate as part of the Second Line of Defence (2LOD), providing independent oversight, assurance, and challenge over technology risk management activities across GIC

You will bring deep expertise in technology risk management, with a focus on third-party (supply chain) and AI supply chain risks. The role ensures that technology and vendor-related risks are effectively identified, assessed, and managed in alignment with GIC’s risk appetite, regulatory expectations, and industry best practices

Third-Party Risk Oversight

• Oversee third-party and outsourcing risk management activities, ensuring compliance with GIC’s frameworks and regulatory requirements.
• Review vendor risk assessments and due diligence results for key technology service providers (e.g., cloud, SaaS, managed services).
• Assess the adequacy of third-party control environments covering cybersecurity, data protection, and operational resilience.
• Monitor concentration risks, subcontractor dependencies, and systemic vulnerabilities within the technology supply chain.
• Support the development of third-party risk metrics and dashboards for management reporting.

AI Supply Chain Risk Oversight

• Oversee AI supply chain risk management, focusing on risks from third-party AI models, datasets, and platforms.
• Review AI vendor assessments to ensure model provenance, data lineage, and intellectual property rights are validated.
• Evaluate third-party AI providers for risks related to data integrity, bias, explainability, and security vulnerabilities.
• Assess dependencies on external AI APIs, model marketplaces, and open-source components, ensuring appropriate governance and control.
• Monitor emerging AI supply chain risks such as model poisoning, data manipulation, and systemic vulnerabilities in shared AI infrastructure.

Technology Risk Oversight

• Provide independent oversight of technology risk management activities performed by the First Line of Defence (1LOD).
• Review and challenge risk assessments, control testing, and remediation plans across key technology domains including cloud, infrastructure, cybersecurity, and data management.
• Contribute to the enhancement of GIC’s technology risk frameworks, policies, and standards.
• Advise on emerging technology risks and control expectations, ensuring alignment with regulatory and industry standards.

Independent Oversight and Assurance

• Conduct thematic and targeted reviews to assess the adequacy and effectiveness of technology, third-party, and AI supply chain controls.
• Provide independent oversight to 1LOD risk assessments and mitigation strategies.
• Partner with internal audit and other assurance functions to ensure comprehensive coverage of technology risk areas.
• Report key risk exposures, control weaknesses, and emerging issues to senior management and governance committees.

Incident Oversight and Continuous Improvement

• Oversee significant third-party or AI-related incidents, ensuring proper escalation, root cause analysis, and remediation follow-up.
• Ensure lessons learned are embedded into risk management practices.
• Stay abreast of evolving regulatory expectations and industry developments in technology, third-party, and AI risk management.
• Drive continuous improvement in oversight practices and promote a strong risk culture across technology and business teams.

• Minimally 5 years of experience in technology risk management, assurance, or audit functions, preferably within financial institutions or regulated environments.
• Deep expertise in technology risk management, with strong understanding of control frameworks, risk methodologies, and emerging technology domains.
• Proven experience in third-party risk management, outsourcing controls, and vendor governance.
• Familiarity with AI and ML technologies, particularly risks associated with AI supply chains, model governance, and data sourcing.
• Strong understanding of regulatory expectations and frameworks (e.g., MAS TRM, MAS Outsourcing Guidelines, HKMA, ISO 27036, NIST AI RMF, EU AI Act).
• Excellent analytical, communication, and stakeholder management skills, with the ability to influence senior management and technical teams.
• Strong organizational and problem-solving skills, with the ability to manage multiple priorities in a dynamic environment.
• Commitment to continuous learning and staying current with evolving technology and AI risk landscapes.

Work at the Point of Impact

We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact

Flexibility at GIC

At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection. At the same time, we believe that flexibility allows us to do our best work and be our best selves. Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise

GIC is an equal opportunity employer

As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution

Learn more about our Risk & Performance Management Department here: https://gic.careers/group/risk-performance-management/